From: "Andrew Smith"
Delivered-To: freebsd-questions@freebsd.org
Date: Mon, 15 Nov 2004 15:21:47 -0500
Message-ID: <001e01c4cb50$be9933b0$19c8a8c0@loriandsmith>
Subject: ipf firewall questions

I'm using ipf as my firewall, and I can't figure out why OWA is being blocked going to 172.20.0.11. Below is the current config file which works. But if I remove the fourth line, my users can't access OWA externally. I would have thought the lines: pass out quick from 172.20.0.0/24 to any keep state and pass in quick from any to 172.20.0.0/24 would have superseded the line block out log proto tcp from any to any port = 80. Any suggestions would be helpful.

Andrew

--------------------------------------------------------------------
#
# Permit Outlook Web Access
#
pass in quick proto tcp from any to 172.20.0.11 port = 80 keep state
#
# Allow All College Traffic
#
pass in quick from 10.0.0.0/8 to any
pass out quick from any to 10.0.0.0/8
#
# Permit all Network Critical Machines Access
#
pass out quick from 172.20.0.0/24 to any keep state
pass in quick from any to 172.20.0.0/24
#
# Permit all Network Teacher/Staff Computers Access
#
pass out quick from 172.20.1.0/24 to any keep state
pass in quick from any to 172.20.1.0/24
#
# Block all Network Traffic from Student Used Computers
#
block out quick from 172.20.2.0/24 to any
block in quick from any to 172.20.2.0/24
#
# Block all Network Traffic from Student Owned Computers
#
block out quick from 172.20.3.0/24 to any
block in quick from any to 172.20.3.0/24
#
# Block any other Port 80 or 443 Access
#
block out log proto tcp from any to any port = 80
block out log proto tcp from any to any port = 443
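
Added example, not part of the original message and not ipf code: a small Python model of ipf's evaluation order (state table first, then the last matching rule wins unless a rule is marked quick), run over the posted ruleset with and without the OWA line. It assumes the firewall routes the request, so the packet is filtered once inbound and once outbound, a default-pass build, and constructed client addresses; the names R, evaluate and forward are hypothetical.

```python
# Simplified model of ipf filtering (added example; not ipf source code).
from ipaddress import ip_address, ip_network

def R(action, direction, src="0.0.0.0/0", dst="0.0.0.0/0", dport=None,
      quick=True, state=False):
    return (action, direction, ip_network(src), ip_network(dst), dport, quick, state)

# Rules transcribed from the posted config ("proto tcp" and "log" are not modelled).
OWA = R("pass", "in", dst="172.20.0.11/32", dport=80, state=True)
BASE = [
    R("pass", "in", src="10.0.0.0/8"), R("pass", "out", dst="10.0.0.0/8"),
    R("pass", "out", src="172.20.0.0/24", state=True), R("pass", "in", dst="172.20.0.0/24"),
    R("pass", "out", src="172.20.1.0/24", state=True), R("pass", "in", dst="172.20.1.0/24"),
    R("block", "out", src="172.20.2.0/24"), R("block", "in", dst="172.20.2.0/24"),
    R("block", "out", src="172.20.3.0/24"), R("block", "in", dst="172.20.3.0/24"),
    R("block", "out", dport=80, quick=False), R("block", "out", dport=443, quick=False),
]

def evaluate(rules, direction, src, dst, dport, states):
    """Verdict for one TCP packet crossing one interface in one direction."""
    if (src, dst, dport) in states:        # state table is checked before rules
        return "pass (state)"
    matched = None
    for r in rules:
        action, rdir, rsrc, rdst, rport, quick, _ = r
        if rdir != direction or rport not in (None, dport):
            continue
        if ip_address(src) not in rsrc or ip_address(dst) not in rdst:
            continue
        matched = r                        # last match wins ...
        if quick:                          # ... unless the rule says "quick"
            break
    if matched is None:
        return "pass (default)"            # assumption: default-pass build
    if matched[0] == "pass" and matched[6]:
        states.add((src, dst, dport))      # "keep state" records the connection
    return matched[0]

def forward(rules, src, dst, dport):
    """A routed packet is filtered 'in' on one interface, then 'out' on the other."""
    states = set()
    inbound = evaluate(rules, "in", src, dst, dport, states)
    if inbound == "block":
        return (inbound, None)
    return (inbound, evaluate(rules, "out", src, dst, dport, states))

if __name__ == "__main__":
    client = "198.51.100.7"                # constructed external client address
    print(forward(BASE, client, "172.20.0.11", 80))
    print(forward([OWA] + BASE, client, "172.20.0.11", 80))
```

In this model the external request passes the inbound check either way, but without the OWA rule the outbound check toward 172.20.0.11 matches only the port 80 block, because the packet's source is the external client rather than an address in 172.20.0.0/24. With the OWA rule, keep state records the connection on the inbound pass and the outbound check is satisfied from the state table.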